Ive tried creating a tunnel directly from B to C but it fails, and look like theres a looping going on. I could see on the SH IPSEC SA on B that the ipsec peer is changing between the public IP of A and C.

Re: mesh vpn

Yes .. this is definetely possible but you need to make the access-list applied to the crypto maps are not overlapping ... In other words make sure that the IPsec tunnel from spoke one to hub DOES not also include the IP addresses that belong to spoke 2.

So you will need one crypto map with 2 policy numbers ( one to the hub, the other one to the spoke 2) ..

crypto map outside_map 20 ipsec-isakmp

crypto map outside_map 20 match address outside_cryptomap_20

crypto map outside_map 20 set pfs

crypto map outside_map 20 set peer

crypto map outside_map 20 set transform-set AWU_Transform

crypto map outside_map 40 ipsec-isakmp

crypto map outside_map 40 match address outside_cryptomap_40

crypto map outside_map 40 set pfs group2

crypto map outside_map 40 set peer

crypto map outside_map 40 set transform-set AWU_Transform

The outside_cryptomap_20 and outside_cryptomap_40 define the traffic to be encrypted and the peer to use.

Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
view more

We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...
view more